Arbitrary File Deletion Vulnerability in Dell SupportAssist Client
CVE-2021-36286
7.1HIGH
What is CVE-2021-36286?
The Dell SupportAssist Client Consumer, versions 3.9.13.0 and earlier, is impacted by a vulnerability that allows non-privileged users to exploit NTFS symbolic links and junction points. This issue arises when the SupportAssist application's functionality to clean files fails to properly differentiate between junction points and physical folders. By leveraging this flaw, an attacker can manipulate the system to delete arbitrary files that typically require administrative access, thus posing a significant risk to system integrity.
Affected Version(s)
SupportAssist Client Consumer <= 3.9.13.0